I am trying to use the Adobe Target Admin API and I have encountered the following error while using any of the admin API request:
"error_code": "403003",
"message": "Api Key is invalid"
Note: The API key that I am using in any admin API request is same as the API key I used to generate JWT and access token using JWT.
Steps followed:
Step 1: Integration of Target API with public certificate in Adobe I/O console - Successful
Step 2: Generate JWT signed with private key - Successful
Step 3: Exchange JWT with access token - Successful
Step 4: Use the access token generated in Step-3 in an admin API request - Unsuccessful (Error Message - "Api key is Invalid")
Is it because of the fourth parameter in JWT payload from API Integration is different from that provided in sample code of Adobe I/O Authentication document? i.e.
Parameter in Sample code: 'https://ims-na1.adobelogin.com/s/ent_smartcontent_sdk': true
Parameter in JWT payload from API: "https://ims-na1.adobelogin.com/s/example_sdk": true,
JWT Payload:
"exp": 1524821003,
"iss": "....@AdobeOrg",
"sub": "....@techacct.adobe.com",
"https://ims-na1.adobelogin.com/s/example_sdk": true,
"aud": "https://ims-na1.adobelogin.com/c/....."
Here's a more detailed step by step how to document on generating the API token. Please try these steps to check if your issue is resolved .
1 - Generate private key and public certificate per the following documentation: https://www.adobe.io/apis/cloudplatform/console/authentication/createcert.html
On a Mac, the following commands are built into terminal.
On a PC, you will need to download Cygwin (or other tool of personal preference) and run it from command line. Here are the steps to download and install Cygwin:
Notes: Your home directory will be: C:\cygwin64\home\WINDOWSUSER
You can search for and install additional packages during the install phase. I recommend installing everything related to "curl" and "ssh"
Here is the command to run:
$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356
Note: It will ask you several questions that you need to fill out to generate the certificate, see screenshot below:After the files have been created, you will convert the secret.key to secret.pem using the following command:
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem -nocrypt > secret.key
Here are the files that are created on your file system (you may move these files to another location on your machine at this point for organization):Notes: The files will be generated in your home directory: C:\cygwin64\home\WINDOWSUSER
2 - Create integration within the Adobe IO console:
Go to https://console.adobe.io/
Select company
click "New Integration" button
Select "Access an API" option, then click "continue"
Select Adobe Solution (currently only available for Target)
Note: User must be a user of the Experience Cloud AND have access to that solution.Select "New integration" and click "Continue"
Fill out integration form
Drag "certificate.pem" from file system into form to upload
Once the file is uploaded, click "Create integration" button - see screenshot: fileuploaded_createint
When processing is complete, click "continue to integration details"
Success! You have now created an integration
3 - Generate JSON Web Token (JWT):
In the Integration UI, click on the JWT tab, paste in private key, click Generate JWT button - see screenshot: generating JWT - inputOnce it is generated, you will see the JWT and a sample CURL command
Click on "copy" icon below "Generated JWT"4 - Exchange JWT for Bearer Access Token:
Note: If you run this in terminal on a Mac, the response seems to get truncated. Instead, use Postman
Download and install free API tool named "Postman" (available on Mac, Windows, or Linux): https://www.getpostman.com/
Import this api call into Postman by copying the code below into a text file on your computer with a .json extension:
{"id":"f6854718-2800-64a8-238e-e785e344f6cf","name":"Exchange JWT for Bearer token","description":"","order":["048b6fc7-f1db-5028-ff21-45778613e2c5"],"folders":[],"folders_order":[],"timestamp":1516812553075,"owner":"860614","public":false,"events":[],"variables":[],"auth":null,"requests":[{"id":"048b6fc7-f1db-5028-ff21-45778613e2c5","name":"Exchange JWT for Bearer token","collectionId":"f6854718-2800-64a8-238e-e785e344f6cf","method":"POST","description":"JWT exchange flow","headers":"","dataMode":"params","data":[{"key":"client_id","value":"0fa5e762277c414f903649dd51424ac6","type":"text"},{"key":"client_secret","value":"9ff026f2-dfa4-4228-8dfa-11d809d4706b","type":"text"},{"key":"jwt_token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0ODg4ODMzMzIsImlzcyI6IjY1NzhBNTU0NTZFODRFMjQ3RjAwMDEwMUBBZG9iZU9yZyIsInN1YiI6IjlDQjEyOTlENThCM0VDNkYwQTQ5NUM3RkB0ZWNoYWNjdC5hZG9iZS5jb20iLCJhdWQiOiJodHRwczovL2ltcy1uYTEuYWRvYmVsb2dpbi5jb20vYy8wZmE1ZTc2MjI3N2M0MTRmOTAzNjQ5ZGQ1MTQyNGFjNiIsImh0dHBzOi8vaW1zLW5hMS5hZG9iZWxvZ2luLmNvbS9zL2VudF9zbWFydGNvbnRlbnRfc2RrIjp0cnVlfQ.LwiDDjhwUfZ2ap89vfWd2ZVnfG-FwpQplKvzEecTLua_hvGNfQAZBPTHbVaXICPkeNjr41cRUr_OmNuOmtFOwVokUjd5rQCaGOqBNWWKPAyAAdXhBdE05oFa2Gar6adytKv-vf7gAnVQbv-PUADbCCtmxoOygbafXi9V3ZHz1FBwPJ8vpnZH4Il3zVf420XwnzLa9IB02nUciG_fQ0b1Qgj429Yi7m-lhW--2bMZKyNdSnioNaICFg6ASY1vnNm1zICPla224K_Lwzbrye8itgQStRUp1mH53Ww36xzqVxNIYLQCEoI9qxAJlR0HQhaXeSPrU9PmcExIyKBim2CZzg","type":"text"}],"rawModeData":"","url":"https:\/\/ims-na1.adobelogin.com\/ims\/exchange\/jwt\/","responses":[],"pathVariableData":[],"queryParams":[],"headerData":[],"auth":null,"collection_id":"08283cc0-461e-155c-e07f-ca64bae1dcae","isFromCollection":true,"collectionRequestId":"29f7fc5f-7e6d-01d4-de86-2f273b8a6429","currentHelper":null,"helperAttributes":null}]}
example filename: exchangeJwt.json
Import file into Postman by going to file > Import: you can drag and drop the .json file here or browse for the fileThis will create a "collection" in Postman on the left-hand side, with one API call in it named "Exchange JWT for Bearer token"
Click on the API call "Exchange JWT for Bearer token"
In the main section of the UI this is what you will seeNote: as highlighted in red above, I'm in the "Body" tab. If you are in another tab, you will not see the three pieces of information that are required
Info Needed:
Click "send"
The bearer token is retrieved, which will be used to make API calls
The access_token is what will be used as part of the API calls you intend to run
"access_token": "eyJ4NXUiOiJpbXNfbmExLWtleS0xLmNlciIsImFsZyI6IlJTMjU2In0.eyJpZCI6IjE1MTY3NDgxNjU5MzZfMjdiNTkwYmUtYjVlYy00ZjhiLTkzNWEtZTAyMjZmYTZiYTk1X3VlMSIsImNsaWVudF9pZCI6IjQyOTkxMzRlNzRkNTRkNTZhY2YyYTc4YjcyYTdlNDFlIiwidXNlcl9pZCI6IjkwNTEyQTlDNUE2N0I3ODEwQTQ5NUM5NEB0ZWNoYWNjdC5hZG9iZS5jb20iLCJ0eXBlIjoiYWNjZXNzX3Rva2VuIiwiYXMiOiJpbXMtbmExIiwiZmciOiJTRDRZQUNZSEhQSDdPRkFBQUFBQUFBQUFFST09PT09PSIsIm1vaSI6IjM3NTliZjQxIiwiYyI6IndTVTd3b1hIZkZSQk5xQmo3M2Z4anc9PSIsImV4cGlyZXNfaW4iOiI4NjQwMDAwMCIsInNjb3BlIjoib3BlbmlkLEFkb2JlSUQsdGFyZ2V0X3NkayxyZWFkX29yZ2FuaXphdGlvbnMsYWRkaXRpb25hbF9pbmZvLnByb2plY3RlZFByb2R1Y3RDb250ZXh0IiwiY3JlYXRlZF9hdCI6IjE1MTY3NDgxNjU5MzYifQ.fVJVREKZH3PM71-Y05Kkqqxq_O_z7BL5NL6S4ypNoSwLuqR9WOiXsF0GYcWZr6oO-jgYj8WrRePQLkg4GSoVthSbbXU6aqajPV2TsFNHpXRuJFBhql0e2eVCEE_pVI9O_uCa8RloGjJuFyyEAvroQFEIJzC7Q-OAnkXMT7xD-3r1cEV2xP_N3s86t34M5udO4fjas3RCJtAS1BEZOotlF_rB0kfvCZR9Krf-SVi_VedpsK7ipoJGfs7CLdN-_a4YGTC2CBJXwdK-4T0QJRkWedr8ooS0tzzfVcQ4WEZfw1edi-OYSuIbXf-Obl5R9NCzi5RMceiGTyGMyRrEcmy3WQ"
5 - Example API call:
Run Target call with access token
Hi There, Thanks for the reply. The error that I am facing is on the 5th step (in the flow mentioned). I have successfully completed first four steps and have successfully generated an Access Token with (X) client secret and (Y) client ID (or API ID). When I am using the access token generated to access an API (i.e. step 5) I am getting an error of "API Key is invalid", I am using the same API Key (Client ID) that i used to generate Access token.
kartikbhatia If you still face issues generating the token, then you will need to submit a support ticket via this link https://www.adobe.io/contactus.html . There is a dedicated team that handle issues with adobe io and they should be able to assist you further on this.
Great detailed reply! It's a shame that the picture links are dead.